summaryrefslogtreecommitdiff
path: root/src/libcharon/encoding/payloads
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2013-02-07 13:27:27 +0100
committerYves-Alexis Perez <corsac@debian.org>2013-02-07 13:27:27 +0100
commit7585facf05d927eb6df3929ce09ed5e60d905437 (patch)
treee4d14b4dc180db20356b6b01ce0112f3a2d7897e /src/libcharon/encoding/payloads
parentc1343b3278cdf99533b7902744d15969f9d6fdc1 (diff)
downloadvyos-strongswan-7585facf05d927eb6df3929ce09ed5e60d905437.tar.gz
vyos-strongswan-7585facf05d927eb6df3929ce09ed5e60d905437.zip
Imported Upstream version 5.0.2
Diffstat (limited to 'src/libcharon/encoding/payloads')
-rw-r--r--src/libcharon/encoding/payloads/cert_payload.c18
-rw-r--r--src/libcharon/encoding/payloads/cert_payload.h14
-rw-r--r--src/libcharon/encoding/payloads/certreq_payload.h2
-rw-r--r--src/libcharon/encoding/payloads/cp_payload.c2
-rw-r--r--src/libcharon/encoding/payloads/cp_payload.h2
-rw-r--r--src/libcharon/encoding/payloads/eap_payload.c8
-rw-r--r--src/libcharon/encoding/payloads/encryption_payload.c2
-rw-r--r--src/libcharon/encoding/payloads/fragment_payload.c225
-rw-r--r--src/libcharon/encoding/payloads/fragment_payload.h94
-rw-r--r--src/libcharon/encoding/payloads/id_payload.c5
-rw-r--r--src/libcharon/encoding/payloads/ike_header.h2
-rw-r--r--src/libcharon/encoding/payloads/ke_payload.h2
-rw-r--r--src/libcharon/encoding/payloads/notify_payload.h2
-rw-r--r--src/libcharon/encoding/payloads/payload.c60
-rw-r--r--src/libcharon/encoding/payloads/payload.h17
-rw-r--r--src/libcharon/encoding/payloads/proposal_substructure.c36
-rw-r--r--src/libcharon/encoding/payloads/proposal_substructure.h24
-rw-r--r--src/libcharon/encoding/payloads/sa_payload.c10
-rw-r--r--src/libcharon/encoding/payloads/sa_payload.h10
-rw-r--r--src/libcharon/encoding/payloads/traffic_selector_substructure.c2
-rw-r--r--src/libcharon/encoding/payloads/traffic_selector_substructure.h2
-rw-r--r--src/libcharon/encoding/payloads/transform_substructure.c2
-rw-r--r--src/libcharon/encoding/payloads/transform_substructure.h2
-rw-r--r--src/libcharon/encoding/payloads/ts_payload.c2
-rw-r--r--src/libcharon/encoding/payloads/ts_payload.h2
25 files changed, 469 insertions, 78 deletions
diff --git a/src/libcharon/encoding/payloads/cert_payload.c b/src/libcharon/encoding/payloads/cert_payload.c
index 3a230b91e..a32f5705d 100644
--- a/src/libcharon/encoding/payloads/cert_payload.c
+++ b/src/libcharon/encoding/payloads/cert_payload.c
@@ -234,6 +234,23 @@ METHOD(cert_payload_t, get_cert, certificate_t*,
BUILD_BLOB_ASN1_DER, this->data, BUILD_END);
}
+METHOD(cert_payload_t, get_container, container_t*,
+ private_cert_payload_t *this)
+{
+ int type;
+
+ switch (this->encoding)
+ {
+ case ENC_PKCS7_WRAPPED_X509:
+ type = CONTAINER_PKCS7;
+ break;
+ default:
+ return NULL;
+ }
+ return lib->creds->create(lib->creds, CRED_CONTAINER, type,
+ BUILD_BLOB_ASN1_DER, this->data, BUILD_END);
+}
+
METHOD(cert_payload_t, get_hash, chunk_t,
private_cert_payload_t *this)
{
@@ -289,6 +306,7 @@ cert_payload_t *cert_payload_create(payload_type_t type)
.destroy = _destroy,
},
.get_cert = _get_cert,
+ .get_container = _get_container,
.get_cert_encoding = _get_cert_encoding,
.get_hash = _get_hash,
.get_url = _get_url,
diff --git a/src/libcharon/encoding/payloads/cert_payload.h b/src/libcharon/encoding/payloads/cert_payload.h
index 19ed2ccd2..834f35d60 100644
--- a/src/libcharon/encoding/payloads/cert_payload.h
+++ b/src/libcharon/encoding/payloads/cert_payload.h
@@ -28,10 +28,11 @@ typedef enum cert_encoding_t cert_encoding_t;
#include <library.h>
#include <credentials/certificates/certificate.h>
+#include <credentials/containers/container.h>
#include <encoding/payloads/payload.h>
/**
- * Certifcate encodings, as in RFC4306
+ * Certificate encodings, as in RFC4306
*/
enum cert_encoding_t {
ENC_PKCS7_WRAPPED_X509 = 1,
@@ -65,13 +66,20 @@ struct cert_payload_t {
payload_t payload_interface;
/**
- * Get the playoads encoded certifcate.
+ * Get the payloads encoded certificate.
*
- * @return certifcate copy
+ * @return certificate copy
*/
certificate_t *(*get_cert)(cert_payload_t *this);
/**
+ * Get the payloads certificate container.
+ *
+ * @return container copy
+ */
+ container_t *(*get_container)(cert_payload_t *this);
+
+ /**
* Get the encoding of the certificate.
*
* @return encoding
diff --git a/src/libcharon/encoding/payloads/certreq_payload.h b/src/libcharon/encoding/payloads/certreq_payload.h
index cce71c0ad..2915decf3 100644
--- a/src/libcharon/encoding/payloads/certreq_payload.h
+++ b/src/libcharon/encoding/payloads/certreq_payload.h
@@ -56,7 +56,7 @@ struct certreq_payload_t {
/**
* Add a certificates keyid to the payload (IKEv2 only).
*
- * @param keyid keyid of the trusted certifcate
+ * @param keyid keyid of the trusted certificate
* @return
*/
void (*add_keyid)(certreq_payload_t *this, chunk_t keyid);
diff --git a/src/libcharon/encoding/payloads/cp_payload.c b/src/libcharon/encoding/payloads/cp_payload.c
index 40f6ae48f..f6f373f99 100644
--- a/src/libcharon/encoding/payloads/cp_payload.c
+++ b/src/libcharon/encoding/payloads/cp_payload.c
@@ -20,7 +20,7 @@
#include "cp_payload.h"
#include <encoding/payloads/encodings.h>
-#include <utils/linked_list.h>
+#include <collections/linked_list.h>
ENUM(config_type_names, CFG_REQUEST, CFG_ACK,
"CFG_REQUEST",
diff --git a/src/libcharon/encoding/payloads/cp_payload.h b/src/libcharon/encoding/payloads/cp_payload.h
index 5eb1e06a7..c23bc0bb4 100644
--- a/src/libcharon/encoding/payloads/cp_payload.h
+++ b/src/libcharon/encoding/payloads/cp_payload.h
@@ -28,7 +28,7 @@ typedef struct cp_payload_t cp_payload_t;
#include <library.h>
#include <encoding/payloads/payload.h>
#include <encoding/payloads/configuration_attribute.h>
-#include <utils/enumerator.h>
+#include <collections/enumerator.h>
/**
* Config Type of an Configuration Payload.
diff --git a/src/libcharon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c
index dd2e25795..f2f35aa69 100644
--- a/src/libcharon/encoding/payloads/eap_payload.c
+++ b/src/libcharon/encoding/payloads/eap_payload.c
@@ -410,14 +410,15 @@ eap_payload_t *eap_payload_create_nak(u_int8_t identifier, eap_type_t type,
eap_type_t reg_type;
u_int32_t reg_vendor;
bio_writer_t *writer;
- chunk_t length, data;
+ chunk_t data;
bool added_any = FALSE, found_vendor = FALSE;
eap_payload_t *payload;
writer = bio_writer_create(12);
writer->write_uint8(writer, EAP_RESPONSE);
writer->write_uint8(writer, identifier);
- length = writer->skip(writer, 2);
+ /* write zero length, we update it once we know the length */
+ writer->write_uint16(writer, 0);
write_type(writer, EAP_NAK, 0, expanded);
@@ -453,10 +454,9 @@ eap_payload_t *eap_payload_create_nak(u_int8_t identifier, eap_type_t type,
/* set length */
data = writer->get_buf(writer);
- htoun16(length.ptr, data.len);
+ htoun16(data.ptr + offsetof(eap_packet_t, length), data.len);
payload = eap_payload_create_data(data);
writer->destroy(writer);
return payload;
}
-
diff --git a/src/libcharon/encoding/payloads/encryption_payload.c b/src/libcharon/encoding/payloads/encryption_payload.c
index 02e7b8bf3..6ba1b23a0 100644
--- a/src/libcharon/encoding/payloads/encryption_payload.c
+++ b/src/libcharon/encoding/payloads/encryption_payload.c
@@ -23,7 +23,7 @@
#include <daemon.h>
#include <encoding/payloads/encodings.h>
-#include <utils/linked_list.h>
+#include <collections/linked_list.h>
#include <encoding/generator.h>
#include <encoding/parser.h>
diff --git a/src/libcharon/encoding/payloads/fragment_payload.c b/src/libcharon/encoding/payloads/fragment_payload.c
new file mode 100644
index 000000000..1a6b3234b
--- /dev/null
+++ b/src/libcharon/encoding/payloads/fragment_payload.c
@@ -0,0 +1,225 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "fragment_payload.h"
+
+#include <encoding/payloads/encodings.h>
+
+/** Flag that is set in case the given fragment is the last for the message */
+#define LAST_FRAGMENT 0x01
+
+typedef struct private_fragment_payload_t private_fragment_payload_t;
+
+/**
+ * Private data of an fragment_payload_t object.
+ */
+struct private_fragment_payload_t {
+
+ /**
+ * Public fragment_payload_t interface.
+ */
+ fragment_payload_t public;
+
+ /**
+ * Next payload type.
+ */
+ u_int8_t next_payload;
+
+ /**
+ * Reserved byte
+ */
+ u_int8_t reserved;
+
+ /**
+ * Length of this payload.
+ */
+ u_int16_t payload_length;
+
+ /**
+ * Fragment ID.
+ */
+ u_int16_t fragment_id;
+
+ /**
+ * Fragment number.
+ */
+ u_int8_t fragment_number;
+
+ /**
+ * Flags
+ */
+ u_int8_t flags;
+
+ /**
+ * The contained fragment data.
+ */
+ chunk_t data;
+};
+
+/**
+ * Encoding rules for an IKEv1 fragment payload
+ */
+static encoding_rule_t encodings[] = {
+ /* 1 Byte next payload type, stored in the field next_payload */
+ { U_INT_8, offsetof(private_fragment_payload_t, next_payload) },
+ { RESERVED_BYTE, offsetof(private_fragment_payload_t, reserved) },
+ /* Length of the whole payload*/
+ { PAYLOAD_LENGTH, offsetof(private_fragment_payload_t, payload_length) },
+ { U_INT_16, offsetof(private_fragment_payload_t, fragment_id) },
+ { U_INT_8, offsetof(private_fragment_payload_t, fragment_number) },
+ { U_INT_8, offsetof(private_fragment_payload_t, flags) },
+ /* Fragment data is of variable size */
+ { CHUNK_DATA, offsetof(private_fragment_payload_t, data) },
+};
+
+/*
+ 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Next Payload ! RESERVED ! Payload Length !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Fragment ID ! Fragment Num ! Flags !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! !
+ ~ Fragment Data ~
+ ! !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
+METHOD(payload_t, verify, status_t,
+ private_fragment_payload_t *this)
+{
+ if (this->fragment_number == 0)
+ {
+ return FAILED;
+ }
+ return SUCCESS;
+}
+
+METHOD(payload_t, get_encoding_rules, int,
+ private_fragment_payload_t *this, encoding_rule_t **rules)
+{
+ *rules = encodings;
+ return countof(encodings);
+}
+
+METHOD(payload_t, get_header_length, int,
+ private_fragment_payload_t *this)
+{
+ return 8;
+}
+
+METHOD(payload_t, get_type, payload_type_t,
+ private_fragment_payload_t *this)
+{
+ return FRAGMENT_V1;
+}
+
+METHOD(payload_t, get_next_type, payload_type_t,
+ private_fragment_payload_t *this)
+{
+ return this->next_payload;
+}
+
+METHOD(payload_t, set_next_type, void,
+ private_fragment_payload_t *this, payload_type_t type)
+{
+ this->next_payload = type;
+}
+
+METHOD(payload_t, get_length, size_t,
+ private_fragment_payload_t *this)
+{
+ return this->payload_length;
+}
+
+METHOD(fragment_payload_t, get_id, u_int16_t,
+ private_fragment_payload_t *this)
+{
+ return this->fragment_id;
+}
+
+METHOD(fragment_payload_t, get_number, u_int8_t,
+ private_fragment_payload_t *this)
+{
+ return this->fragment_number;
+}
+
+METHOD(fragment_payload_t, is_last, bool,
+ private_fragment_payload_t *this)
+{
+ return (this->flags & LAST_FRAGMENT) == LAST_FRAGMENT;
+}
+
+METHOD(fragment_payload_t, get_data, chunk_t,
+ private_fragment_payload_t *this)
+{
+ return this->data;
+}
+
+METHOD2(payload_t, fragment_payload_t, destroy, void,
+ private_fragment_payload_t *this)
+{
+ free(this->data.ptr);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+fragment_payload_t *fragment_payload_create()
+{
+ private_fragment_payload_t *this;
+
+ INIT(this,
+ .public = {
+ .payload_interface = {
+ .verify = _verify,
+ .get_encoding_rules = _get_encoding_rules,
+ .get_header_length = _get_header_length,
+ .get_length = _get_length,
+ .get_next_type = _get_next_type,
+ .set_next_type = _set_next_type,
+ .get_type = _get_type,
+ .destroy = _destroy,
+ },
+ .get_id = _get_id,
+ .get_number = _get_number,
+ .is_last = _is_last,
+ .get_data = _get_data,
+ .destroy = _destroy,
+ },
+ .next_payload = NO_PAYLOAD,
+ );
+ this->payload_length = get_header_length(this);
+ return &this->public;
+}
+
+/*
+ * Described in header
+ */
+fragment_payload_t *fragment_payload_create_from_data(u_int8_t num, bool last,
+ chunk_t data)
+{
+ private_fragment_payload_t *this;
+
+ this = (private_fragment_payload_t*)fragment_payload_create();
+ this->fragment_id = 1;
+ this->fragment_number = num;
+ this->flags |= (last ? LAST_FRAGMENT : 0);
+ this->data = chunk_clone(data);
+ this->payload_length = get_header_length(this) + data.len;
+ return &this->public;
+} \ No newline at end of file
diff --git a/src/libcharon/encoding/payloads/fragment_payload.h b/src/libcharon/encoding/payloads/fragment_payload.h
new file mode 100644
index 000000000..a49cf32dd
--- /dev/null
+++ b/src/libcharon/encoding/payloads/fragment_payload.h
@@ -0,0 +1,94 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup fragment_payload fragment_payload
+ * @{ @ingroup payloads
+ */
+
+#ifndef FRAGMENT_PAYLOAD_H_
+#define FRAGMENT_PAYLOAD_H_
+
+typedef struct fragment_payload_t fragment_payload_t;
+
+#include <library.h>
+#include <encoding/payloads/payload.h>
+
+/**
+ * Object representing an IKEv1 fragment payload.
+ */
+struct fragment_payload_t {
+
+ /**
+ * The payload_t interface.
+ */
+ payload_t payload_interface;
+
+ /**
+ * Get the fragment ID. Identifies the fragments for a particular IKE
+ * message.
+ *
+ * @return fragment ID
+ */
+ u_int16_t (*get_id)(fragment_payload_t *this);
+
+ /**
+ * Get the fragment number. Defines the order of the fragments.
+ *
+ * @return fragment number
+ */
+ u_int8_t (*get_number)(fragment_payload_t *this);
+
+ /**
+ * Check if this is the last fragment.
+ *
+ * @return TRUE if this is the last fragment
+ */
+ bool (*is_last)(fragment_payload_t *this);
+
+ /**
+ * Get the fragment data.
+ *
+ * @return chunkt to internal fragment data
+ */
+ chunk_t (*get_data)(fragment_payload_t *this);
+
+ /**
+ * Destroys an fragment_payload_t object.
+ */
+ void (*destroy)(fragment_payload_t *this);
+};
+
+/**
+ * Creates an empty fragment_payload_t object.
+ *
+ * @return fragment_payload_t object
+ */
+fragment_payload_t *fragment_payload_create();
+
+/**
+ * Creates a fragment payload from the given data. All fragments currently
+ * have the same fragment ID (1), which seems what other implementations are
+ * doing.
+ *
+ * @param num fragment number (first one should be 1)
+ * @param last TRUE to indicate that this is the last fragment
+ * @param data fragment data (gets cloned)
+ * @return fragment_payload_t object
+ */
+fragment_payload_t *fragment_payload_create_from_data(u_int8_t num, bool last,
+ chunk_t data);
+
+#endif /** FRAGMENT_PAYLOAD_H_ @}*/
diff --git a/src/libcharon/encoding/payloads/id_payload.c b/src/libcharon/encoding/payloads/id_payload.c
index 02b07d691..7470bb3b4 100644
--- a/src/libcharon/encoding/payloads/id_payload.c
+++ b/src/libcharon/encoding/payloads/id_payload.c
@@ -165,7 +165,7 @@ METHOD(payload_t, verify, status_t,
{
bool bad_length = FALSE;
- if (this->type == NAT_OA_V1 &&
+ if ((this->type == NAT_OA_V1 || this->type == NAT_OA_DRAFT_00_03_V1) &&
this->id_type != ID_IPV4_ADDR && this->id_type != ID_IPV6_ADDR)
{
DBG1(DBG_ENC, "invalid ID type %N for %N payload", id_type_names,
@@ -195,7 +195,8 @@ METHOD(payload_t, verify, status_t,
METHOD(payload_t, get_encoding_rules, int,
private_id_payload_t *this, encoding_rule_t **rules)
{
- if (this->type == ID_V1 || this->type == NAT_OA_V1)
+ if (this->type == ID_V1 ||
+ this->type == NAT_OA_V1 || this->type == NAT_OA_DRAFT_00_03_V1)
{
*rules = encodings_v1;
return countof(encodings_v1);
diff --git a/src/libcharon/encoding/payloads/ike_header.h b/src/libcharon/encoding/payloads/ike_header.h
index e6b7d0dff..d9a44dd0c 100644
--- a/src/libcharon/encoding/payloads/ike_header.h
+++ b/src/libcharon/encoding/payloads/ike_header.h
@@ -72,7 +72,7 @@ enum exchange_type_t{
AUTH_ONLY = 3,
/**
- * Aggresive (Aggressive mode)
+ * Aggressive (Aggressive mode)
*/
AGGRESSIVE = 4,
diff --git a/src/libcharon/encoding/payloads/ke_payload.h b/src/libcharon/encoding/payloads/ke_payload.h
index 5942954d9..d3aa18484 100644
--- a/src/libcharon/encoding/payloads/ke_payload.h
+++ b/src/libcharon/encoding/payloads/ke_payload.h
@@ -27,7 +27,7 @@ typedef struct ke_payload_t ke_payload_t;
#include <library.h>
#include <encoding/payloads/payload.h>
#include <encoding/payloads/transform_substructure.h>
-#include <utils/linked_list.h>
+#include <collections/linked_list.h>
#include <crypto/diffie_hellman.h>
/**
diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h
index beec1e233..498c659b1 100644
--- a/src/libcharon/encoding/payloads/notify_payload.h
+++ b/src/libcharon/encoding/payloads/notify_payload.h
@@ -30,7 +30,7 @@ typedef struct notify_payload_t notify_payload_t;
#include <library.h>
#include <encoding/payloads/payload.h>
#include <encoding/payloads/proposal_substructure.h>
-#include <utils/linked_list.h>
+#include <collections/linked_list.h>
/**
* Notify message types for IKEv2, and a subset for IKEv1.
diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c
index dc158476b..f9dd33edb 100644
--- a/src/libcharon/encoding/payloads/payload.c
+++ b/src/libcharon/encoding/payloads/payload.c
@@ -36,6 +36,7 @@
#include <encoding/payloads/configuration_attribute.h>
#include <encoding/payloads/eap_payload.h>
#include <encoding/payloads/hash_payload.h>
+#include <encoding/payloads/fragment_payload.h>
#include <encoding/payloads/unknown_payload.h>
ENUM_BEGIN(payload_type_names, NO_PAYLOAD, NO_PAYLOAD,
@@ -79,20 +80,17 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, GENERIC_SECURE_PASSWORD_METH
#ifdef ME
ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, GENERIC_SECURE_PASSWORD_METHOD,
"ID_PEER");
-ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, ID_PEER,
- "HEADER",
- "PROPOSAL_SUBSTRUCTURE",
- "PROPOSAL_SUBSTRUCTURE_V1",
- "TRANSFORM_SUBSTRUCTURE",
- "TRANSFORM_SUBSTRUCTURE_V1",
- "TRANSFORM_ATTRIBUTE",
- "TRANSFORM_ATTRIBUTE_V1",
- "TRAFFIC_SELECTOR_SUBSTRUCTURE",
- "CONFIGURATION_ATTRIBUTE",
- "CONFIGURATION_ATTRIBUTE_V1",
- "ENCRYPTED_V1");
+ENUM_NEXT(payload_type_names, NAT_D_DRAFT_00_03_V1, FRAGMENT_V1, ID_PEER,
+ "NAT_D_DRAFT_V1",
+ "NAT_OA_DRAFT_V1",
+ "FRAGMENT");
#else
-ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, GENERIC_SECURE_PASSWORD_METHOD,
+ENUM_NEXT(payload_type_names, NAT_D_DRAFT_00_03_V1, FRAGMENT_V1, GENERIC_SECURE_PASSWORD_METHOD,
+ "NAT_D_DRAFT_V1",
+ "NAT_OA_DRAFT_V1",
+ "FRAGMENT");
+#endif /* ME */
+ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, FRAGMENT_V1,
"HEADER",
"PROPOSAL_SUBSTRUCTURE",
"PROPOSAL_SUBSTRUCTURE_V1",
@@ -104,7 +102,6 @@ ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, GENERIC_SECURE_PASSWORD_METH
"CONFIGURATION_ATTRIBUTE",
"CONFIGURATION_ATTRIBUTE_V1",
"ENCRYPTED_V1");
-#endif /* ME */
ENUM_END(payload_type_names, ENCRYPTED_V1);
/* short forms of payload names */
@@ -147,23 +144,19 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, GENERIC_SECURE_PASSWOR
"EAP",
"GSPM");
#ifdef ME
-ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER,
- GENERIC_SECURE_PASSWORD_METHOD,
+ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER, GENERIC_SECURE_PASSWORD_METHOD,
"IDp");
-ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, ID_PEER,
- "HDR",
- "PROP",
- "PROP",
- "TRANS",
- "TRANS",
- "TRANSATTR",
- "TRANSATTR",
- "TSSUB",
- "CATTR",
- "CATTR",
- "E");
+ENUM_NEXT(payload_type_short_names, NAT_D_DRAFT_00_03_V1, FRAGMENT_V1, ID_PEER,
+ "NAT-D",
+ "NAT-OA",
+ "FRAG");
#else
-ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, GENERIC_SECURE_PASSWORD_METHOD,
+ENUM_NEXT(payload_type_short_names, NAT_D_DRAFT_00_03_V1, FRAGMENT_V1, GENERIC_SECURE_PASSWORD_METHOD,
+ "NAT-D",
+ "NAT-OA",
+ "FRAG");
+#endif /* ME */
+ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, FRAGMENT_V1,
"HDR",
"PROP",
"PROP",
@@ -175,7 +168,6 @@ ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, GENERIC_SECURE_PASSWOR
"CATTR",
"CATTR",
"E");
-#endif /* ME */
ENUM_END(payload_type_short_names, ENCRYPTED_V1);
/*
@@ -206,6 +198,7 @@ payload_t *payload_create(payload_type_t type)
case ID_RESPONDER:
case ID_V1:
case NAT_OA_V1:
+ case NAT_OA_DRAFT_00_03_V1:
#ifdef ME
case ID_PEER:
#endif /* ME */
@@ -239,6 +232,7 @@ payload_t *payload_create(payload_type_t type)
case HASH_V1:
case SIGNATURE_V1:
case NAT_D_V1:
+ case NAT_D_DRAFT_00_03_V1:
return (payload_t*)hash_payload_create(type);
case CONFIGURATION:
case CONFIGURATION_V1:
@@ -251,6 +245,8 @@ payload_t *payload_create(payload_type_t type)
case ENCRYPTED:
case ENCRYPTED_V1:
return (payload_t*)encryption_payload_create(type);
+ case FRAGMENT_V1:
+ return (payload_t*)fragment_payload_create();
default:
return (payload_t*)unknown_payload_create(type);
}
@@ -283,6 +279,10 @@ bool payload_is_known(payload_type_t type)
return TRUE;
}
#endif
+ if (type >= NAT_D_DRAFT_00_03_V1 && type <= FRAGMENT_V1)
+ {
+ return TRUE;
+ }
return FALSE;
}
diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index d5e862601..0e8a9267b 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
@@ -123,7 +123,7 @@ enum payload_type_t {
NAT_D_V1 = 20,
/**
- * NAT original address payload (NAT-OA)
+ * NAT original address payload (NAT-OA).
*/
NAT_OA_V1 = 21,
@@ -221,6 +221,21 @@ enum payload_type_t {
#endif /* ME */
/**
+ * NAT discovery payload (NAT-D) (drafts).
+ */
+ NAT_D_DRAFT_00_03_V1 = 130,
+
+ /**
+ * NAT original address payload (NAT-OA) (drafts).
+ */
+ NAT_OA_DRAFT_00_03_V1 = 131,
+
+ /**
+ * IKE fragment (proprietary IKEv1 extension)
+ */
+ FRAGMENT_V1 = 132,
+
+ /**
* Header has a value of PRIVATE USE space.
*
* This type and all the following are never sent over wire and are
diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c
index 653f51a46..ae0fce991 100644
--- a/src/libcharon/encoding/payloads/proposal_substructure.c
+++ b/src/libcharon/encoding/payloads/proposal_substructure.c
@@ -22,7 +22,7 @@
#include <encoding/payloads/encodings.h>
#include <encoding/payloads/transform_substructure.h>
#include <library.h>
-#include <utils/linked_list.h>
+#include <collections/linked_list.h>
#include <daemon.h>
/**
@@ -253,6 +253,8 @@ typedef enum {
IKEV1_ENCAP_TRANSPORT = 2,
IKEV1_ENCAP_UDP_TUNNEL = 3,
IKEV1_ENCAP_UDP_TRANSPORT = 4,
+ IKEV1_ENCAP_UDP_TUNNEL_DRAFT_00_03 = 61443,
+ IKEV1_ENCAP_UDP_TRANSPORT_DRAFT_00_03 = 61444,
} ikev1_esp_encap_t;
/**
@@ -810,14 +812,30 @@ static u_int16_t get_ikev1_auth(auth_method_t method)
/**
* Get IKEv1 encapsulation mode
*/
-static u_int16_t get_ikev1_mode(ipsec_mode_t mode, bool udp)
+static u_int16_t get_ikev1_mode(ipsec_mode_t mode, encap_t udp)
{
switch (mode)
{
case MODE_TUNNEL:
- return udp ? IKEV1_ENCAP_UDP_TUNNEL : IKEV1_ENCAP_TUNNEL;
+ switch (udp)
+ {
+ case ENCAP_UDP:
+ return IKEV1_ENCAP_UDP_TUNNEL;
+ case ENCAP_UDP_DRAFT_00_03:
+ return IKEV1_ENCAP_UDP_TUNNEL_DRAFT_00_03;
+ default:
+ return IKEV1_ENCAP_TUNNEL;
+ }
case MODE_TRANSPORT:
- return udp ? IKEV1_ENCAP_UDP_TRANSPORT : IKEV1_ENCAP_TRANSPORT;
+ switch (udp)
+ {
+ case ENCAP_UDP:
+ return IKEV1_ENCAP_UDP_TRANSPORT;
+ case ENCAP_UDP_DRAFT_00_03:
+ return IKEV1_ENCAP_UDP_TRANSPORT_DRAFT_00_03;
+ default:
+ return IKEV1_ENCAP_TRANSPORT;
+ }
default:
return IKEV1_ENCAP_TUNNEL;
}
@@ -1125,9 +1143,11 @@ METHOD(proposal_substructure_t, get_encap_mode, ipsec_mode_t,
case IKEV1_ENCAP_TUNNEL:
return MODE_TUNNEL;
case IKEV1_ENCAP_UDP_TRANSPORT:
+ case IKEV1_ENCAP_UDP_TRANSPORT_DRAFT_00_03:
*udp = TRUE;
return MODE_TRANSPORT;
case IKEV1_ENCAP_UDP_TUNNEL:
+ case IKEV1_ENCAP_UDP_TUNNEL_DRAFT_00_03:
*udp = TRUE;
return MODE_TUNNEL;
default:
@@ -1263,7 +1283,7 @@ static void set_from_proposal_v1_ike(private_proposal_substructure_t *this,
*/
static void set_from_proposal_v1_esp(private_proposal_substructure_t *this,
proposal_t *proposal, u_int32_t lifetime, u_int64_t lifebytes,
- ipsec_mode_t mode, bool udp, int number)
+ ipsec_mode_t mode, encap_t udp, int number)
{
transform_substructure_t *transform = NULL;
u_int16_t alg, key_size;
@@ -1459,7 +1479,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v2(
*/
proposal_substructure_t *proposal_substructure_create_from_proposal_v1(
proposal_t *proposal, u_int32_t lifetime, u_int64_t lifebytes,
- auth_method_t auth, ipsec_mode_t mode, bool udp)
+ auth_method_t auth, ipsec_mode_t mode, encap_t udp)
{
private_proposal_substructure_t *this;
@@ -1487,7 +1507,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v1(
*/
proposal_substructure_t *proposal_substructure_create_from_proposals_v1(
linked_list_t *proposals, u_int32_t lifetime, u_int64_t lifebytes,
- auth_method_t auth, ipsec_mode_t mode, bool udp)
+ auth_method_t auth, ipsec_mode_t mode, encap_t udp)
{
private_proposal_substructure_t *this = NULL;
enumerator_t *enumerator;
@@ -1531,7 +1551,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposals_v1(
*/
proposal_substructure_t *proposal_substructure_create_for_ipcomp_v1(
u_int32_t lifetime, u_int64_t lifebytes, u_int16_t cpi,
- ipsec_mode_t mode, bool udp, u_int8_t proposal_number)
+ ipsec_mode_t mode, encap_t udp, u_int8_t proposal_number)
{
private_proposal_substructure_t *this;
transform_substructure_t *transform;
diff --git a/src/libcharon/encoding/payloads/proposal_substructure.h b/src/libcharon/encoding/payloads/proposal_substructure.h
index 5d42a6116..c8e7adfd8 100644
--- a/src/libcharon/encoding/payloads/proposal_substructure.h
+++ b/src/libcharon/encoding/payloads/proposal_substructure.h
@@ -23,17 +23,27 @@
#ifndef PROPOSAL_SUBSTRUCTURE_H_
#define PROPOSAL_SUBSTRUCTURE_H_
+typedef enum encap_t encap_t;
typedef struct proposal_substructure_t proposal_substructure_t;
#include <library.h>
#include <encoding/payloads/payload.h>
#include <encoding/payloads/transform_substructure.h>
#include <config/proposal.h>
-#include <utils/linked_list.h>
+#include <collections/linked_list.h>
#include <kernel/kernel_ipsec.h>
#include <sa/authenticator.h>
/**
+ * Encap type for proposal substructure
+ */
+enum encap_t {
+ ENCAP_NONE = 0,
+ ENCAP_UDP,
+ ENCAP_UDP_DRAFT_00_03,
+};
+
+/**
* Class representing an IKEv1/IKEv2 proposal substructure.
*/
struct proposal_substructure_t {
@@ -179,12 +189,12 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v2(
* @param lifebytes lifebytes, in bytes
* @param auth authentication method to use, or AUTH_NONE
* @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL
- * @param udp TRUE to use UDP encapsulation
+ * @param udp ENCAP_UDP to use UDP encapsulation
* @return proposal_substructure_t object PROPOSAL_SUBSTRUCTURE_V1
*/
proposal_substructure_t *proposal_substructure_create_from_proposal_v1(
proposal_t *proposal, u_int32_t lifetime, u_int64_t lifebytes,
- auth_method_t auth, ipsec_mode_t mode, bool udp);
+ auth_method_t auth, ipsec_mode_t mode, encap_t udp);
/**
* Creates an IKEv1 proposal_substructure_t from a list of proposal_t.
@@ -194,12 +204,12 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v1(
* @param lifebytes lifebytes, in bytes
* @param auth authentication method to use, or AUTH_NONE
* @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL
- * @param udp TRUE to use UDP encapsulation
+ * @param udp ENCAP_UDP to use UDP encapsulation
* @return IKEv1 proposal_substructure_t PROPOSAL_SUBSTRUCTURE_V1
*/
proposal_substructure_t *proposal_substructure_create_from_proposals_v1(
linked_list_t *proposals, u_int32_t lifetime, u_int64_t lifebytes,
- auth_method_t auth, ipsec_mode_t mode, bool udp);
+ auth_method_t auth, ipsec_mode_t mode, encap_t udp);
/**
* Creates an IKEv1 proposal_substructure_t for IPComp with the given
@@ -209,12 +219,12 @@ proposal_substructure_t *proposal_substructure_create_from_proposals_v1(
* @param lifebytes lifebytes, in bytes
* @param cpi the CPI to be used
* @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL
- * @param udp TRUE to use UDP encapsulation
+ * @param udp ENCAP_UDP to use UDP encapsulation
* @param proposal_number the proposal number of the proposal to be linked
* @return IKEv1 proposal_substructure_t PROPOSAL_SUBSTRUCTURE_V1
*/
proposal_substructure_t *proposal_substructure_create_for_ipcomp_v1(
u_int32_t lifetime, u_int64_t lifebytes, u_int16_t cpi,
- ipsec_mode_t mode, bool udp, u_int8_t proposal_number);
+ ipsec_mode_t mode, encap_t udp, u_int8_t proposal_number);
#endif /** PROPOSAL_SUBSTRUCTURE_H_ @}*/
diff --git a/src/libcharon/encoding/payloads/sa_payload.c b/src/libcharon/encoding/payloads/sa_payload.c
index adf19aa67..a588d4e97 100644
--- a/src/libcharon/encoding/payloads/sa_payload.c
+++ b/src/libcharon/encoding/payloads/sa_payload.c
@@ -20,7 +20,7 @@
#include "sa_payload.h"
#include <encoding/payloads/encodings.h>
-#include <utils/linked_list.h>
+#include <collections/linked_list.h>
#include <daemon.h>
/* IKEv1 situation */
@@ -552,8 +552,8 @@ sa_payload_t *sa_payload_create_from_proposal_v2(proposal_t *proposal)
*/
sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals,
u_int32_t lifetime, u_int64_t lifebytes,
- auth_method_t auth, ipsec_mode_t mode, bool udp,
- u_int16_t cpi)
+ auth_method_t auth, ipsec_mode_t mode,
+ encap_t udp, u_int16_t cpi)
{
proposal_substructure_t *substruct;
private_sa_payload_t *this;
@@ -591,8 +591,8 @@ sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals,
*/
sa_payload_t *sa_payload_create_from_proposal_v1(proposal_t *proposal,
u_int32_t lifetime, u_int64_t lifebytes,
- auth_method_t auth, ipsec_mode_t mode, bool udp,
- u_int16_t cpi)
+ auth_method_t auth, ipsec_mode_t mode,
+ encap_t udp, u_int16_t cpi)
{
private_sa_payload_t *this;
linked_list_t *proposals;
diff --git a/src/libcharon/encoding/payloads/sa_payload.h b/src/libcharon/encoding/payloads/sa_payload.h
index 9a88cccd5..b62a341d8 100644
--- a/src/libcharon/encoding/payloads/sa_payload.h
+++ b/src/libcharon/encoding/payloads/sa_payload.h
@@ -27,7 +27,7 @@ typedef struct sa_payload_t sa_payload_t;
#include <library.h>
#include <encoding/payloads/payload.h>
#include <encoding/payloads/proposal_substructure.h>
-#include <utils/linked_list.h>
+#include <collections/linked_list.h>
#include <kernel/kernel_ipsec.h>
#include <sa/authenticator.h>
@@ -133,13 +133,13 @@ sa_payload_t *sa_payload_create_from_proposal_v2(proposal_t *proposal);
* @param lifebytes lifebytes, in bytes
* @param auth authentication method to use, or AUTH_NONE
* @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL
- * @param udp TRUE to use UDP encapsulation
+ * @param udp ENCAP_UDP to use UDP encapsulation
* @param cpi CPI in case IPComp should be used
* @return sa_payload_t object
*/
sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals,
u_int32_t lifetime, u_int64_t lifebytes,
- auth_method_t auth, ipsec_mode_t mode, bool udp,
+ auth_method_t auth, ipsec_mode_t mode, encap_t udp,
u_int16_t cpi);
/**
@@ -150,13 +150,13 @@ sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals,
* @param lifebytes lifebytes, in bytes
* @param auth authentication method to use, or AUTH_NONE
* @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL
- * @param udp TRUE to use UDP encapsulation
+ * @param udp ENCAP_UDP to use UDP encapsulation
* @param cpi CPI in case IPComp should be used
* @return sa_payload_t object
*/
sa_payload_t *sa_payload_create_from_proposal_v1(proposal_t *proposal,
u_int32_t lifetime, u_int64_t lifebytes,
- auth_method_t auth, ipsec_mode_t mode, bool udp,
+ auth_method_t auth, ipsec_mode_t mode, encap_t udp,
u_int16_t cpi);
#endif /** SA_PAYLOAD_H_ @}*/
diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.c b/src/libcharon/encoding/payloads/traffic_selector_substructure.c
index 378f5bbc3..15f791b95 100644
--- a/src/libcharon/encoding/payloads/traffic_selector_substructure.c
+++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.c
@@ -18,7 +18,7 @@
#include "traffic_selector_substructure.h"
#include <encoding/payloads/encodings.h>
-#include <utils/linked_list.h>
+#include <collections/linked_list.h>
typedef struct private_traffic_selector_substructure_t private_traffic_selector_substructure_t;
diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.h b/src/libcharon/encoding/payloads/traffic_selector_substructure.h
index 1ad5fb526..d3fbe8476 100644
--- a/src/libcharon/encoding/payloads/traffic_selector_substructure.h
+++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.h
@@ -25,7 +25,7 @@
typedef struct traffic_selector_substructure_t traffic_selector_substructure_t;
#include <library.h>
-#include <utils/host.h>
+#include <networking/host.h>
#include <selectors/traffic_selector.h>
#include <encoding/payloads/payload.h>
diff --git a/src/libcharon/encoding/payloads/transform_substructure.c b/src/libcharon/encoding/payloads/transform_substructure.c
index a4a920b60..a85027561 100644
--- a/src/libcharon/encoding/payloads/transform_substructure.c
+++ b/src/libcharon/encoding/payloads/transform_substructure.c
@@ -22,7 +22,7 @@
#include <encoding/payloads/transform_attribute.h>
#include <encoding/payloads/encodings.h>
#include <library.h>
-#include <utils/linked_list.h>
+#include <collections/linked_list.h>
#include <daemon.h>
typedef struct private_transform_substructure_t private_transform_substructure_t;
diff --git a/src/libcharon/encoding/payloads/transform_substructure.h b/src/libcharon/encoding/payloads/transform_substructure.h
index 947df24f9..97717e65b 100644
--- a/src/libcharon/encoding/payloads/transform_substructure.h
+++ b/src/libcharon/encoding/payloads/transform_substructure.h
@@ -27,7 +27,7 @@ typedef struct transform_substructure_t transform_substructure_t;
#include <library.h>
#include <encoding/payloads/payload.h>
#include <encoding/payloads/transform_attribute.h>
-#include <utils/linked_list.h>
+#include <collections/linked_list.h>
#include <crypto/diffie_hellman.h>
#include <crypto/signers/signer.h>
#include <crypto/prfs/prf.h>
diff --git a/src/libcharon/encoding/payloads/ts_payload.c b/src/libcharon/encoding/payloads/ts_payload.c
index a7678da73..8dfa47bc2 100644
--- a/src/libcharon/encoding/payloads/ts_payload.c
+++ b/src/libcharon/encoding/payloads/ts_payload.c
@@ -20,7 +20,7 @@
#include "ts_payload.h"
#include <encoding/payloads/encodings.h>
-#include <utils/linked_list.h>
+#include <collections/linked_list.h>
typedef struct private_ts_payload_t private_ts_payload_t;
diff --git a/src/libcharon/encoding/payloads/ts_payload.h b/src/libcharon/encoding/payloads/ts_payload.h
index 5a92655dc..933245c62 100644
--- a/src/libcharon/encoding/payloads/ts_payload.h
+++ b/src/libcharon/encoding/payloads/ts_payload.h
@@ -25,7 +25,7 @@
typedef struct ts_payload_t ts_payload_t;
#include <library.h>
-#include <utils/linked_list.h>
+#include <collections/linked_list.h>
#include <selectors/traffic_selector.h>
#include <encoding/payloads/payload.h>
#include <encoding/payloads/traffic_selector_substructure.h>